Privacy Self-Management and the Issue of Privacy Externalities Managing One’s Privacy Badly, and Others’ Even Worse

Abstract

Privacy online is mostly a matter of self-management — or so it is expected from individual data subjects, through the ‘notice-and-consent’ (N&C) model of privacy-protection. However, strong evidence shows that privacy self-management is too demanding for most people. To this burden, I add the overlooked burden of respecting the privacy of others, which is threatened by the issue of privacy externalities — a natural consequence of privacy being an interpersonal matter in some respects. Regarding this new issue, I first discuss the wide range of ‘negligent’ practices (such as uploading pictures online or sharing one’s genetic information) which generate privacy externalities (the impact on third-party subjects’ privacy). I then argue that this issue cannot be solved through N&C alone without disproportionate consequences, and explore three alternative or complementary models of privacy-protection in which the tension between our values (privacy-as-control) and our convenient (and negligent) way of life may be eased. I then suggest a blend of these which, together with N&C, appears to solve both the issue of burdensomeness and that of disproportionality. The prominent element is an individual’s duty of care for others’ privacy, intended to internalise privacy externalities. I close by highlighting the aspects of this suggested solution for which research is most direly needed.